The current Intranet environment is a bit outdated. The current stack has ASP.NET 1.1 / 2.0 applications that query the SQL 2000 database.
To ensure the security of roles on the servers on which users are added, there are user groups, so you need to add them to the group on the test and production machines. These user groups synchronize with user roles on SQL 2000 itself. Roles are granted permissions to execute stored procedures necessary to prevent any access violations.
At the web application level, we use basic authentication (which authenticates against our Active Directory) and the personification personification is included. The database connection string uses Integrated Security. This creates an environment in which the web application connects to the database when the user logs in, which ensures the security of the database when calling stored procedures. It also allows us to use the typical User.IsInRole () method to perform authorization inside the application itself.
There are several problems with this. First, only our server administrators have access to user groups on the machine, so updating the role security or adding additional users is not among the application administrators. In addition, the only way to get the role is to call an SQL procedure called "xp_logininfo", which is blocked in SQL 2005. Although I do not know the full information, our database administrator tells us that this general model does not play well with SQL 2005, given The nature of the circuits in the newer version.
. .NET 3.5, AJAX, SQL Server 2005 . , Active Directory .
, , , , , , , .
?